diff --git a/core/Makefile b/core/Makefile index c19b0754af5b9ec33e81286de177e4a0f09614ec..00b7f66ea56a0b31a3fc0734220b7d5c2b567aad 100644 --- a/core/Makefile +++ b/core/Makefile @@ -6902,7 +6902,7 @@ endif # ----------------------------------------------------------------- # The SDK -ifneq ($(filter sdk,$(MAKECMDGOALS)),) +ifneq ($(filter sdk sdk_addon,$(MAKECMDGOALS)),) # The SDK includes host-specific components, so it belongs under HOST_OUT. sdk_dir := $(HOST_OUT)/sdk/$(TARGET_PRODUCT) diff --git a/core/app_prebuilt_internal.mk b/core/app_prebuilt_internal.mk index eb429cdd5c6dff49af6a5e9fe288c5f2aa645846..14b2b7fd015e38fb9e6c65811b4de7cfdda3cad4 100644 --- a/core/app_prebuilt_internal.mk +++ b/core/app_prebuilt_internal.mk @@ -250,6 +250,7 @@ ifeq ($(module_run_appcompat),true) $(call appcompat-header, aapt2) $(run-appcompat) endif # module_run_appcompat + $(patch-trichrome) $(sign-package) # No need for align-package because sign-package takes care of alignment else # LOCAL_CERTIFICATE == PRESIGNED diff --git a/core/config.mk b/core/config.mk index 1c8baff1ae115fc961d6df0e1903d4f2b539a258..a7d4beed084522c1a82c110aa241e98fd2a78148 100644 --- a/core/config.mk +++ b/core/config.mk @@ -651,6 +651,8 @@ JETIFIER := prebuilts/sdk/tools/jetifier/jetifier-standalone/bin/jetifier-standa EXTRACT_KERNEL := build/make/tools/extract_kernel.py +PATCH_TRICHROME := build/make/tools/chromium_trichrome_patcher.py + # Path to tools.jar HOST_JDK_TOOLS_JAR := $(ANDROID_JAVA8_HOME)/lib/tools.jar diff --git a/core/definitions.mk b/core/definitions.mk index 0c46de9fc6b8ffb0110178a99f50fbc7cb1c5ec2..e475790804db587fd3c9301ad2e1987fc6dadc8c 100644 --- a/core/definitions.mk +++ b/core/definitions.mk @@ -3845,3 +3845,8 @@ define use_soong_sdk_libraries $(foreach l,$(1),$(if $(filter $(l),$(SOONG_SDK_VARIANT_MODULES)),\ $(l).sdk,$(l))) endef + +# Patch Trichrome to add cert digest at buildtime +define patch-trichrome +$(hide) $(PATCH_TRICHROME) $@ $(PRIVATE_CERTIFICATE) +endef diff --git a/core/sysprop.mk b/core/sysprop.mk index 5ff93a13e7c806fd8b80e4114b190075f09f4004..1755e12441442015c0f79dc7140a4ab73c2c2d13 100644 --- a/core/sysprop.mk +++ b/core/sysprop.mk @@ -206,8 +206,15 @@ BUILD_THUMBPRINT := # Define human readable strings that describe this build # +# Spoof target build variant because Whatsapp (and maybe others) +# is checking the "debug" pattern in the Build.DISPLAY variable. +SPOOFED_TARGET_BUILD_VARIANT := $(TARGET_BUILD_VARIANT) +ifeq (userdebug,$(TARGET_BUILD_VARIANT)) + SPOOFED_TARGET_BUILD_VARIANT := user +endif + # BUILD_ID: detail info; has the same info as the build fingerprint -BUILD_DESC := $(TARGET_PRODUCT)-$(TARGET_BUILD_VARIANT) $(PLATFORM_VERSION) $(BUILD_ID) $(BUILD_NUMBER_FROM_FILE) $(BUILD_VERSION_TAGS) +BUILD_DESC := e_$(TARGET_DEVICE)-$(SPOOFED_TARGET_BUILD_VARIANT) $(PLATFORM_VERSION) $(BUILD_ID) $(BUILD_NUMBER_FROM_FILE) $(BUILD_VERSION_TAGS) # BUILD_DISPLAY_ID is shown under Settings -> About Phone ifeq ($(TARGET_BUILD_VARIANT),user) diff --git a/core/tasks/sdk-addon.mk b/core/tasks/sdk-addon.mk index 5097f1266f0ed5347cefca66a7e9028a08dcb254..9acbe01ae19018e7d8e8cd89b11fca1247bf65e2 100644 --- a/core/tasks/sdk-addon.mk +++ b/core/tasks/sdk-addon.mk @@ -122,7 +122,7 @@ $(full_target): $(sdk_addon_deps) | $(SOONG_ZIP) $(hide) $(SOONG_ZIP) -o $@ -C $(dir $(PRIVATE_STAGING_DIR)) -D $(PRIVATE_STAGING_DIR) $(full_target_img): PRIVATE_STAGING_DIR := $(call append-path,$(staging),$(addon_dir_img))/images/$(TARGET_CPU_ABI) -$(full_target_img): $(full_target) $(addon_img_source_prop) | $(SOONG_ZIP) +$(full_target_img): $(full_target) $(INSTALLED_USERDATAIMAGE_TARGET) $(addon_img_source_prop) | $(SOONG_ZIP) @echo Packaging SDK Addon System-Image: $@ $(hide) mkdir -p $(dir $@) cp -R $(PRODUCT_OUT)/data $(PRIVATE_STAGING_DIR)/data diff --git a/tools/chromium_trichrome_patcher.py b/tools/chromium_trichrome_patcher.py new file mode 100755 index 0000000000000000000000000000000000000000..bda96b3fa66cab264936722887573ddaf570a2f1 --- /dev/null +++ b/tools/chromium_trichrome_patcher.py @@ -0,0 +1,39 @@ +#!/usr/bin/env python3 + +import os +import subprocess +import sys +import zipfile + +infilename, sign_key = sys.argv[1:] + +def ExtractFingerprint(cert): + cmd = ['openssl', 'x509', '-sha256', '-fingerprint', '-noout', '-in', cert] + proc = subprocess.run(cmd, stdout=subprocess.PIPE) + return proc.stdout.decode('utf-8').split('=')[1].replace(':', '') + +def patch_trichrome(infilename, sign_key): + orig_certdigest = "32a2fc74d731105859e5a85df16d95f102d85b22099b8064c5d8915c61dad1e0" + new_certdigest = ExtractFingerprint(sign_key).lower().rstrip() + + with zipfile.ZipFile(infilename, 'r') as zin, zipfile.ZipFile(infilename + ".patched", 'w') as zout: + for info in zin.infolist(): + data = zin.read(info.filename) + if info.filename == 'AndroidManifest.xml': + # Make sure we can find the certdigest + try: + data.rindex(orig_certdigest.encode('utf-16-le')) + except: + pass + # Replace it + data = data.replace(orig_certdigest.encode('utf-16-le'), new_certdigest.encode('utf-16-le')) + zout.writestr(info, data) + + # Delete the original file + os.remove(infilename) + + # Rename the output file to the original file name + os.rename(infilename + ".patched", infilename) + +if "Browser_" in infilename or "BrowserWebView_" in infilename: + patch_trichrome(infilename, sign_key)